Some systems of access control are based on an analysis of biometric characteristics of a person to determine, for example, whether the latter is authorized to access a protected place. Such an analysis of biometric characteristics is also used in some authentication or identification systems that aim to authenticate or identify a person. Such an analysis is conventionally based on a comparison of biometric data captured about a person in the course of a check with data stored in a database.
Thus, for example, in the case of access control systems, biometric data corresponding to people for whom access is authorized are stored in a database. At the end of a step of comparing data captured about a person in the course of a check with stored data, the system is able to determine whether this person belongs to those for whom access is authorized.
In this type of biometric system, this comparison step is a key step on which the reliability of the system rests.
The document “A Fuzzy Commitment Scheme” by Juels and Wattenberg 1999 proposes transforming this comparison step into a conventional decoding problem. Previously stored biometric data b1 are compared with biometric data b2 about a person captured in the course of a check. To this end, this document proposes applying an “exclusive or” operation to the biometric data b1 of these data with an error correcting code c. Hence coded biometric data f are obtained. Then, to compare the captured biometric data b2 with the biometric data b1, it is determined whether the following operation is satisfied:f⊕b2=c⊕e
in which e is an error having a weight lower than the correction capacity of the code.
In the case in which this equation is satisfied, it is deduced from this that the stored biometric data b1 and the captured biometric data b2 correspond to each other.
The document “Combining Cryptography with Biometrics Effectively” by Hao Anderson and Daugman, 2005, proposes applying this general principle consisting in using an error correcting code in a comparison step of a biometric system, in the specific case of biometric data corresponding to an iris. Biometric data relating to the iris are encoded over 256 octets, hence forming an iris code. First, an iris code B is determined for use as a reference datum. A biometric key K is generated by a random number generator. This biometric key K is then encoded with a correcting code coming from a Reed-Solomon code and from a Hadamard code to provide a pseudo iris code K′.
The “exclusive or” operation is then applied between the pseudo iris code K′ and the iris code B representing the reference datum to provide a result R that satisfies the following equation:R=B⊕K′
The result R of this latter operation is then stored along with the biometric key in a hashed form H(K).
Then, when a person is being checked, biometric data from his/her iris are captured in the form of a captured iris code B′.
The “exclusive or” operation is then applied between the stored result R and this captured iris code B′ to obtain the following result R′:R′=B′⊕R
Next, the result R′ is decoded based on the correcting code previously used to encode the biometric key K in order to produce a biometric key C.
The same hash function is then applied to the biometric key C hence obtained and the biometric key stored in its hashed form H(K) is compared with the biometric key C in its hashed form H(C).
If the following equation is satisfied:H(K)=H(C)it is deduced from this that the captured biometric data correspond to the reference datum.
Biometric data are represented here by an iris code having a size limited to 256 octets.
This iris code is obtained by processing an iris image. Now, such an image may have different characteristics depending on the context in which it has been captured, and especially depending on the exposure of the iris to light at the moment the image is captured or again depending on the movement of the person during capture of the iris image.
Various processes enable the different potential disturbances that can affect such an image to be smoothened.
Thus, for example, it is possible to apply various image processing filters so as to obtain a plurality of respective levels of information relating to the same image, thus enabling the information relating to the iris being processed to be enriched.
In order to smooth the disturbances to the iris image capture, it is also possible to carry out a plurality of iris image captures. In this case, the information relating to the iris is also multiplied and different levels of information are obtained.
Each of these information levels may then correspond, in the context of the document “Combining Cryptography with Biometrics Effectively”, to an iris code encoded over 256 octets. To process this plurality of information levels, it is then possible to apply successively the method described in the previously mentioned document in relation to the various information levels. Hence, the comparison step would then consist in successively comparing the iris codes B with iris codes B′, each resulting from the application of one filter from a plurality of filters considered or again resulting from one image capture from a plurality of image captures carried out.
Such a comparison step would therefore correspond to a plurality of comparison steps based on data from 256 octets, each having a limited reliability level.